| Popis: |
Defining personal, anonymous, and pseudonymous data is a vital issue for data protection law. Current approaches adopted by legal regimes are either too absolute to be practical or too vague to be manageable. Differential privacy (DP), as a newly emergent technical tool, can help define the different categories of data by quantifiably measuring identification risks of databases. Through the selection of a privacy budget in advance, data controllers can delineate the boundaries among personal, anonymous, and pseudonymous data in an auditable and reviewable manner, as well as incorporate these definitions into the broader practice of data risk management. This article offers concrete steps for applying this approach in practice and argues that such an approach not only enhances certainty, consistency, and transparency, but also inspires a new model of interaction between law and technology. Recognizing that this approach is not perfect, the article then discusses some challenges and directions for future research. |
